File extensions rewritten by a virus

estadra
Visitor
Posts: 11
Registered: 04 Dec 2015 23:37

File extensions rewritten by a virus

#1 Post by estadra »

Hi

I have a problem.. I think I clicked on something during the night and half of the videos and music on my HDD got renamed to various nonsense... I wanted to rename them back by hand, but the files don't work

Can you help me? Please?

I tried Kaspersky, but it keeps telling me something about an original file.. even though I am pointing it to the original file

Thank you

Rudy
Site Admin
Posts: 118270
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: File extensions rewritten by a virus

#2 Post by Rudy »

Hello!
The files have probably been encrypted; decryption is not easy and may not succeed. Please post a FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

estadra
Visitor
Posts: 11
Registered: 04 Dec 2015 23:37

Re: File extensions rewritten by a virus

#3 Post by estadra »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by egon41 (administrator) on EGON (05-12-2015 15:36:57)
Running from C:\Users\egon41\Desktop
Loaded Profiles: egon41 (Available Profiles: egon41 & Administrator)
Platform: Windows 8 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
() C:\ProgramData\a95f8535-bd08-4370-a6e0-814924c0d5f0\plugincontainer.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\Common Files\a95f8535-bd08-4370-a6e0-814924c0d5f0\updater.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(PS Media s.r.o.) C:\Users\egon41\AppData\Roaming\StartMenu\StartMenu.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1180.0\McCSPServiceHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
() C:\ProgramData\a95f8535-bd08-4370-a6e0-814924c0d5f0\plugins\10\Plugin.exe
() C:\ProgramData\a95f8535-bd08-4370-a6e0-814924c0d5f0\plugins\5\Plugin.exe
() C:\ProgramData\a95f8535-bd08-4370-a6e0-814924c0d5f0\plugins\8\Plugin.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
() C:\ProgramData\a95f8535-bd08-4370-a6e0-814924c0d5f0\plugins\2\Plugin.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe
() C:\ProgramData\a95f8535-bd08-4370-a6e0-814924c0d5f0\plugins\3\Plugin.exe
() C:\ProgramData\a95f8535-bd08-4370-a6e0-814924c0d5f0\plugins\7\Plugin.exe
() C:\ProgramData\a95f8535-bd08-4370-a6e0-814924c0d5f0\plugins\7\Plugin.exe
() C:\ProgramData\a95f8535-bd08-4370-a6e0-814924c0d5f0\plugins\3\Plugin.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
() C:\ProgramData\a95f8535-bd08-4370-a6e0-814924c0d5f0\plugins\12\Plugin.exe
() C:\ProgramData\a95f8535-bd08-4370-a6e0-814924c0d5f0\plugins\12\Plugin.exe
(PandoraTV) C:\KMPlayer\KMPlayer.exe
(forum.viry.cz) C:\Users\egon41\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1100953112-3390083647-3253037084-1001\...\Run: [StartMenu] => C:\Users\egon41\AppData\Roaming\StartMenu\StartMenu.exe [3359872 2015-02-09] (PS Media s.r.o.)
HKU\S-1-5-21-1100953112-3390083647-3253037084-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKU\S-1-5-21-1100953112-3390083647-3253037084-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2015-12-05] (Lavasoft)
HKU\S-1-5-21-1100953112-3390083647-3253037084-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1100953112-3390083647-3253037084-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-05] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-05] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-05] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-05] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-12-05] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-05] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-05] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-05] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-05] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-05] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{568D77CD-A576-4602-A55D-172C956F6AC4}: [DhcpNameServer] 172.16.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1100953112-3390083647-3253037084-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1100953112-3390083647-3253037084-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1100953112-3390083647-3253037084-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcomp ... 1205__yaie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQsOUwhBRwNHbQleWQxcFQRCIRQBB19IDAARJlsLWQtDEwUXJh9aFQQTSEcFME0FCFwEURNNfXpZFVwDRFFXL2BXFA==&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQsOUwhBRwNHbQleWQxcFQRCIRQBB19IDAARJlsLWQtDEwUXJh9aFQQTSEcFME0FCFwEURNNfXpZFVwDRFFXL2BXFA==&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1100953112-3390083647-3253037084-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQsOUwhBRwNHbQleWQxcFQRCIRQBB19IDAARJlsLWQtDEwUXJh9aFQQTSEcFME0FCFwEURNNfXpZFVwDRFFXL2BXFA==&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1100953112-3390083647-3253037084-1001 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-1100953112-3390083647-3253037084-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQsOUwhBRwNHbQleWQxcFQRCIRQBB19IDAARJlsLWQtDEwUXJh9aFQQTSEcFME0FCFwEURNNfXpZFVwDRFFXL2BXFA==&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1100953112-3390083647-3253037084-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_151205__yaie&p={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-04-24] (Qualcomm Atheros Commnucations)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-19] (Oracle Corporation)
BHO-x32: Catered to You -> {b90183ad-1cf4-4d7b-9461-b89083957547} -> C:\Program Files (x86)\Catered to You\Extensions\b90183ad-1cf4-4d7b-9461-b89083957547.dll => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-19] (Oracle Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-09-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-09-28] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\egon41\AppData\Roaming\Mozilla\Firefox\Profiles\608upvaa.default
FF Homepage: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcomp ... 1205__yaff
FF DefaultSearchEngine: Yahoo®
FF SelectedSearchEngine: Yahoo®
FF NewTab: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcomp ... 1205__yaff
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-19] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2010-01-16] (mozilla.org)
FF SearchPlugin: C:\Users\egon41\AppData\Roaming\Mozilla\Firefox\Profiles\608upvaa.default\searchplugins\yahoo-lavasoft.xml [2015-12-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml [2010-01-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml [2010-01-16]
FF Extension: Seznam lištička - C:\Users\egon41\AppData\Roaming\Mozilla\Firefox\Profiles\608upvaa.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-12-04] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-11-13] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-branding.js [2010-01-16]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js [2010-01-16]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox.js [2010-01-16]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\reporter.js [2010-01-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS)
R3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310400 2013-04-24] (Windows (R) Win 7 DDK provider) [File not signed]
R3 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-05] (Lavasoft Limited)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [783120 2015-09-28] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-08-11] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R3 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-12-05] ()
R2 Service Mgr CateredtoYou; C:\ProgramData\a95f8535-bd08-4370-a6e0-814924c0d5f0\plugincontainer.exe [725224 2015-12-05] () <==== ATTENTION
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 Update Mgr CateredtoYou; C:\Program Files (x86)\Common Files\a95f8535-bd08-4370-a6e0-814924c0d5f0\updater.exe [606440 2015-12-05] () <==== ATTENTION
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-05-01] (Microsoft Corporation)
R3 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-04-24] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2013-05-01] (Microsoft Corporation)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69392 2013-08-08] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-24] (Qualcomm Atheros)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2013-05-01] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537408 2015-08-12] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [111256 2015-08-12] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35232 2013-05-01] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [230904 2013-05-01] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 msahci; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-05 15:36 - 2015-12-05 15:37 - 00021970 _____ C:\Users\egon41\Desktop\FRST.txt
2015-12-05 15:34 - 2015-12-05 15:34 - 00112640 _____ (forum.viry.cz) C:\Users\egon41\Desktop\FRSTLauncher.exe
2015-12-05 15:33 - 2015-12-05 15:36 - 00000000 ____D C:\FRST
2015-12-05 15:33 - 2015-12-05 15:33 - 02369024 _____ (Farbar) C:\Users\egon41\Desktop\FRST64.exe
2015-12-05 15:12 - 2015-12-05 15:12 - 00002314 _____ C:\RannohDecryptor.1.8.0.1_05.12.2015_15.12.43_log.txt
2015-12-05 13:44 - 2015-12-05 14:52 - 00000000 ____D C:\Program Files (x86)\Executive Software
2015-12-05 13:44 - 2015-12-05 13:44 - 00000000 __SHD C:\RecoveryBin
2015-12-05 13:44 - 2015-12-05 13:44 - 00000000 ____D C:\Windows\Downloaded Installations
2015-12-05 13:44 - 2015-08-27 14:44 - 00000020 _____ C:\Windows\GndGGGg.dat
2015-12-05 13:44 - 2015-08-27 14:44 - 00000012 _____ C:\Windows\nGdGGfg.cfg
2015-12-05 13:39 - 2015-12-05 13:39 - 00000000 ____D C:\Users\egon41\AppData\Roaming\AVG
2015-12-05 13:39 - 2015-12-05 13:39 - 00000000 ____D C:\Users\egon41\AppData\Local\Avg
2015-12-05 13:38 - 2015-12-05 13:42 - 00000000 ____D C:\ProgramData\AVG
2015-12-05 13:38 - 2015-12-05 13:38 - 02161248 _____ (Repair Video, Inc. ) C:\Users\egon41\Desktop\asf-avi-rm-wmv-repair.exe
2015-12-05 13:38 - 2015-12-05 13:38 - 00000395 _____ C:\Prefs.js
2015-12-05 13:38 - 2015-12-05 13:38 - 00000000 ____D C:\Users\egon41\AppData\Local\Lavasoft
2015-12-05 13:38 - 2015-12-05 13:38 - 00000000 ____D C:\searchplugins
2015-12-05 13:37 - 2015-12-05 13:46 - 00002944 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-12-05 13:37 - 2015-12-05 13:46 - 00002944 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-12-05 13:37 - 2015-12-05 13:37 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-12-05 13:37 - 2015-12-05 13:37 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-12-05 13:37 - 2015-12-05 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-12-05 13:37 - 2015-12-05 13:37 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-12-05 13:36 - 2015-12-05 13:36 - 01319328 _____ (File Repair ) C:\Users\egon41\Desktop\file-repair_2.1.exe
2015-12-05 13:36 - 2015-12-05 13:36 - 00001161 _____ C:\Users\egon41\Desktop\File Repair.lnk
2015-12-05 13:36 - 2015-12-05 13:36 - 00000000 ____D C:\Users\egon41\AppData\Roaming\OpenCandy
2015-12-05 13:36 - 2015-12-05 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Repair
2015-12-05 13:36 - 2015-12-05 13:36 - 00000000 ____D C:\Program Files (x86)\Repair File
2015-12-05 13:24 - 2015-12-05 13:24 - 00000000 ____D C:\Users\egon41\Documents\Log Files
2015-12-05 13:19 - 2015-12-05 13:19 - 11519328 _____ (Jihosoft Studio ) C:\Users\egon41\Desktop\JihosoftAVIRepairTrial.exe
2015-12-05 13:19 - 2015-12-05 13:19 - 00001191 _____ C:\Users\Public\Desktop\Jihosoft AVI Repair.lnk
2015-12-05 13:19 - 2015-12-05 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jihosoft AVI Repair
2015-12-05 13:19 - 2015-12-05 13:19 - 00000000 ____D C:\Program Files (x86)\Jihosoft
2015-12-05 13:04 - 2015-12-05 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Scavenger 3.2
2015-12-05 13:04 - 2015-12-05 13:07 - 00000000 ____D C:\Program Files (x86)\File Scavenger 3.2
2015-12-05 12:55 - 2015-12-05 12:56 - 00802536 _____ C:\Users\egon41\Desktop\File Scavenger 4.3 License keygen Crack__13150_i1770859503_il14422.exe
2015-12-05 12:50 - 2015-12-05 12:57 - 00802536 _____ C:\Users\egon41\Desktop\File Scavenger 4.3 Crack License key Free Download__13150_i1770851856_il9920.exe
2015-12-05 12:42 - 2015-12-05 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Scavenger 4.3
2015-12-05 12:42 - 2015-12-05 12:56 - 00000000 ____D C:\Program Files (x86)\File Scavenger 4.3
2015-12-05 12:41 - 2015-12-05 12:41 - 08503688 _____ C:\Users\egon41\Desktop\32fsu43.exe
2015-12-05 12:40 - 2015-12-05 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-12-05 12:40 - 2015-12-05 12:40 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-12-05 12:39 - 2015-12-05 12:40 - 00802536 _____ C:\Users\egon41\Desktop\File Scavenger 4.3 License key Crack free download__13150_i1770837695_il16945.exe
2015-12-05 12:38 - 2015-12-05 12:38 - 00001088 _____ C:\Users\egon41\Desktop\Pokračovat v instalaci Setup.lnk
2015-12-05 12:37 - 2015-12-05 12:37 - 00944232 _____ (Generic program ) C:\Users\egon41\Desktop\Setup__307169.exe
2015-12-05 12:36 - 2015-12-05 12:36 - 02044531 _____ C:\Users\egon41\Desktop\Setup Installer (Right Click and select extract).rar
2015-12-05 12:36 - 2015-12-05 12:36 - 00001113 _____ C:\Users\egon41\Desktop\Continue Instalador Installation.lnk
2015-12-05 11:37 - 2015-12-05 11:37 - 01919688 _____ (QueTek Consulting Corporation) C:\Users\egon41\Desktop\32fsu42.exe
2015-12-05 11:37 - 2015-12-05 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Scavenger 4.2
2015-12-05 11:37 - 2015-12-05 11:37 - 00000000 ____D C:\Program Files (x86)\File Scavenger 4.2
2015-12-05 10:19 - 2015-12-05 10:19 - 00002039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\GetDataBack for NTFS.lnk
2015-12-05 10:19 - 2015-12-05 10:19 - 00002033 _____ C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
2015-12-05 10:19 - 2015-12-05 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2015-12-05 10:19 - 2015-12-05 10:19 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2015-12-05 10:14 - 2015-12-05 10:14 - 02657967 _____ C:\Users\egon41\Desktop\gdbnt.zip
2015-12-05 09:36 - 2015-12-05 10:10 - 00000000 ____D C:\Program Files (x86)\Pandora Recovery
2015-12-05 09:36 - 2015-12-05 09:36 - 02428233 _____ C:\Users\egon41\Desktop\PandoraRecovery.exe
2015-12-05 09:36 - 2015-12-05 09:36 - 00001972 _____ C:\Users\Public\Desktop\Pandora Recovery.lnk
2015-12-05 09:36 - 2015-12-05 09:36 - 00000000 ____D C:\Users\egon41\AppData\Roaming\PandoraRecovery
2015-12-05 09:36 - 2015-12-05 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
2015-12-05 09:29 - 2015-12-05 09:29 - 00937024 _____ (ShadowExplorer.com ) C:\Users\egon41\Desktop\ShadowExplorer-0.8-setup.exe
2015-12-05 08:53 - 2015-12-05 10:11 - 00002586 _____ C:\RannohDecryptor.1.8.0.1_05.12.2015_08.53.40_log.txt
2015-12-05 01:11 - 2015-12-05 01:14 - 00002400 _____ C:\RannohDecryptor.1.8.0.1_05.12.2015_01.11.47_log.txt
2015-12-05 01:06 - 2015-12-05 01:09 - 00002216 _____ C:\RannohDecryptor.1.8.0.1_05.12.2015_01.06.25_log.txt
2015-12-05 00:43 - 2015-12-05 00:44 - 00002486 _____ C:\XoristDecryptor.2.3.45.0_05.12.2015_00.43.11_log.txt
2015-12-05 00:41 - 2015-12-05 00:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-12-05 00:38 - 2015-12-05 00:39 - 00002036 _____ C:\CoinVaultDecryptor.1.0.0.3_05.12.2015_00.38.39_log.txt
2015-12-05 00:38 - 2015-12-01 15:10 - 01243144 _____ (Kaspersky Lab ZAO) C:\Users\egon41\Desktop\CoinVaultDecryptor.exe
2015-12-05 00:38 - 2015-10-29 15:12 - 00014774 _____ C:\Users\egon41\Desktop\license Utility RU.txt
2015-12-05 00:38 - 2015-10-29 15:12 - 00014351 _____ C:\Users\egon41\Desktop\license Utility EN.txt
2015-12-05 00:38 - 2015-10-29 13:58 - 00004151 _____ C:\Users\egon41\Desktop\legal_notices.txt
2015-12-05 00:37 - 2015-12-05 00:38 - 00002276 _____ C:\CoinVaultDecryptor.1.0.0.3_05.12.2015_00.37.54_log.txt
2015-12-05 00:37 - 2015-12-05 00:37 - 01184786 _____ C:\Users\egon41\Desktop\CoinVaultDecryptor.rar
2015-12-05 00:36 - 2015-12-05 00:37 - 00002216 _____ C:\RannohDecryptor.1.8.0.1_05.12.2015_00.36.52_log.txt
2015-12-05 00:36 - 2015-12-05 00:36 - 00002318 _____ C:\XoristDecryptor.2.3.45.0_05.12.2015_00.36.03_log.txt
2015-12-05 00:32 - 2015-12-05 00:34 - 00002770 _____ C:\XoristDecryptor.2.3.45.0_05.12.2015_00.32.44_log.txt
2015-12-05 00:23 - 2015-12-05 00:32 - 00003864 _____ C:\RannohDecryptor.1.8.0.1_05.12.2015_00.23.43_log.txt
2015-12-05 00:15 - 2015-12-05 00:23 - 00004750 _____ C:\XoristDecryptor.2.3.45.0_05.12.2015_00.15.07_log.txt
2015-12-05 00:12 - 2015-12-05 00:12 - 00623264 _____ (Kaspersky Lab ZAO) C:\Users\egon41\Desktop\xoristdecryptor.exe
2015-12-05 00:05 - 2015-12-05 00:15 - 00002586 _____ C:\RannohDecryptor.1.8.0.1_05.12.2015_00.05.39_log.txt
2015-12-05 00:01 - 2015-12-05 00:05 - 00002674 _____ C:\RannohDecryptor.1.8.0.1_05.12.2015_00.01.50_log.txt
2015-12-05 00:00 - 2015-12-05 00:01 - 00002778 _____ C:\RannohDecryptor.1.8.0.1_05.12.2015_00.00.13_log.txt
2015-12-04 23:59 - 2015-12-05 00:00 - 00002216 _____ C:\RannohDecryptor.1.8.0.1_04.12.2015_23.59.55_log.txt
2015-12-04 23:59 - 2015-12-04 23:59 - 00002216 _____ C:\RannohDecryptor.1.8.0.1_04.12.2015_23.59.28_log.txt
2015-12-04 23:58 - 2015-12-04 23:59 - 00002216 _____ C:\RannohDecryptor.1.8.0.1_04.12.2015_23.58.52_log.txt
2015-12-04 23:58 - 2015-12-04 23:58 - 00002218 _____ C:\RannohDecryptor.1.8.0.1_04.12.2015_23.58.31_log.txt
2015-12-04 23:53 - 2015-12-04 23:58 - 00003418 _____ C:\RannohDecryptor.1.8.0.1_04.12.2015_23.53.54_log.txt
2015-12-04 23:51 - 2015-12-04 23:53 - 00002858 _____ C:\RannohDecryptor.1.8.0.1_04.12.2015_23.51.03_log.txt
2015-12-04 23:47 - 2015-12-05 09:10 - 00969845 _____ (ShadowExplorer.com ) C:\Users\egon41\Desktop\ShadowExplorer-0.9-setup.exe
2015-12-04 23:44 - 2015-12-04 23:45 - 00002120 _____ C:\RannohDecryptor.1.8.0.1_04.12.2015_23.44.34_log.txt
2015-12-04 23:44 - 2015-12-01 16:52 - 00477872 _____ (Kaspersky Lab ZAO) C:\Users\egon41\Desktop\RannohDecryptor.exe
2015-12-04 23:44 - 2015-10-29 15:12 - 00014351 _____ C:\Users\egon41\Desktop\eula.txt
2015-12-04 23:21 - 2015-12-04 23:44 - 00002472 _____ C:\RannohDecryptor.1.8.0.1_04.12.2015_23.21.46_log.txt
2015-12-04 23:20 - 2015-12-04 23:20 - 00002032 _____ C:\RannohDecryptor.1.8.0.1_04.12.2015_23.20.47_log.txt
2015-12-04 23:20 - 2015-12-04 23:20 - 00000905 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2015-12-04 23:20 - 2015-12-04 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2015-12-04 23:20 - 2015-12-04 23:20 - 00000000 ____D C:\Program Files\Reason
2015-12-04 23:13 - 2015-12-04 23:20 - 00003334 _____ C:\RannohDecryptor.1.8.0.1_04.12.2015_23.13.41_log.txt
2015-12-04 23:12 - 2015-12-04 23:12 - 00403355 _____ C:\Users\egon41\Desktop\rannohdecryptor.zip
2015-12-04 23:06 - 2015-12-04 23:06 - 03802952 _____ (Reason Software Company Inc.) C:\Users\egon41\Desktop\reason-core-security-setup.exe
2015-12-04 23:03 - 2015-12-04 23:03 - 00016590 _____ C:\ComboFix.txt
2015-12-04 21:45 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-04 21:45 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-04 21:45 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-04 21:45 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-04 21:45 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-04 21:45 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-12-04 21:45 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-04 21:45 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-04 21:45 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-04 21:44 - 2015-12-04 23:00 - 00000000 ____D C:\Windows\erdnt
2015-12-04 21:44 - 2015-12-04 21:43 - 05639148 ____R (Swearware) C:\Users\egon41\Desktop\ComboFix.exe
2015-12-04 20:30 - 2015-12-04 23:03 - 00000000 ____D C:\Qoobox
2015-12-04 19:00 - 2015-12-05 13:37 - 00000000 ____D C:\Users\egon41\AppData\Roaming\Lavasoft
2015-12-04 18:42 - 2015-12-04 18:42 - 00000000 ____D C:\Users\egon41\AppData\Roaming\LavasoftStatistics
2015-12-04 18:40 - 2015-12-04 18:40 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-12-04 18:39 - 2015-12-05 13:53 - 00000000 ____D C:\Users\egon41\AppData\Roaming\Seznam.cz
2015-12-04 18:39 - 2015-12-05 13:36 - 00000000 ____D C:\ProgramData\Lavasoft
2015-12-04 18:39 - 2015-12-04 18:39 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-12-04 18:24 - 2015-12-04 18:24 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-11-25 17:30 - 2015-11-25 17:30 - 00000965 _____ C:\Users\egon41\Desktop\frd.exe – zástupce.lnk
2015-11-24 18:56 - 2015-11-24 18:56 - 00001194 _____ C:\Users\egon41\Desktop\ConvertXToDVD 5.lnk
2015-11-15 22:12 - 2015-11-15 22:12 - 00001948 _____ C:\Users\Public\Desktop\SeaMonkey.lnk
2015-11-15 22:12 - 2015-11-15 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2015-11-15 22:12 - 2015-11-15 22:12 - 00000000 ____D C:\Program Files (x86)\SeaMonkey
2015-11-15 22:07 - 2015-11-15 22:07 - 00000300 _____ C:\Users\egon41\AppData\LocalLow\HELP_DECRYPT.URL
2015-11-15 21:58 - 2015-11-15 21:58 - 00001905 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-15 21:58 - 2015-11-15 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2015-11-15 21:58 - 2015-11-15 21:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-13 12:44 - 2015-11-13 12:44 - 00002025 _____ C:\Users\Public\Desktop\4Media MP4 Converter.lnk
2015-11-13 12:44 - 2015-11-13 12:44 - 00000000 ____D C:\Users\egon41\AppData\Roaming\4Media
2015-11-13 12:44 - 2015-11-13 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Media
2015-11-13 12:39 - 2015-11-13 12:39 - 00000000 ____D C:\ProgramData\4Media
2015-11-13 12:39 - 2015-11-13 12:39 - 00000000 ____D C:\Program Files (x86)\4Media
2015-11-13 12:38 - 2015-11-13 12:38 - 37582613 _____ C:\Users\egon41\Desktop\m-mp4-converter6.exe
2015-11-13 12:37 - 2015-11-13 12:37 - 03166669 _____ (PolySoft Solutions ) C:\Users\egon41\Desktop\FreeAVIToMP4Converter.exe
2015-11-13 12:37 - 2015-11-13 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free AVI to MP4 Converter
2015-11-13 12:37 - 2015-11-13 12:37 - 00000000 ____D C:\Program Files (x86)\Free AVI to MP4 Converter
2015-11-13 09:56 - 2015-12-04 22:59 - 00000000 ____D C:\Users\egon41\AppData\Local\CrashDumps
2015-11-13 09:51 - 2015-11-13 09:51 - 00000270 __RSH C:\ProgramData\ntuser.pol
2015-11-11 21:23 - 2015-11-11 21:23 - 00001528 _____ C:\Users\egon41\Desktop\wmplayer – zástupce.lnk
2015-11-09 20:16 - 2015-11-09 20:15 - 01050655 _____ C:\Users\egon41\Desktop\arrow-2-rada-titulky-cz-sz.zip
2015-11-06 16:36 - 2015-11-06 16:36 - 00743454 _____ C:\Users\egon41\Desktop\cica.php
2015-11-06 16:36 - 2015-11-06 16:35 - 05004119 _____ C:\Users\egon41\Desktop\medula.php
2015-11-06 12:29 - 2015-11-06 12:29 - 00003790 _____ C:\Windows\System32\Tasks\klcp_update
2015-11-06 12:28 - 2015-11-06 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-11-06 12:27 - 2015-11-06 12:28 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-11-05 19:52 - 2015-11-05 19:52 - 37460862 _____ ( ) C:\Users\egon41\Desktop\K-Lite_Codec_Pack_1155_Full.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-05 15:33 - 2012-07-26 06:37 - 00000000 ____D C:\Windows
2015-12-05 15:24 - 2015-10-20 17:09 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-05 15:12 - 2015-10-20 22:46 - 00000000 ____D C:\KMPlayer
2015-12-05 13:57 - 2015-10-18 22:55 - 00000000 ____D C:\Users\egon41
2015-12-05 13:50 - 2015-10-18 23:04 - 00000062 _____ C:\Users\egon41\AppData\Roaming\sp_data.sys
2015-12-05 13:49 - 2013-10-30 20:08 - 00003268 _____ C:\Windows\System32\Tasks\AsusVibeSchedule
2015-12-05 13:49 - 2013-10-30 20:03 - 00003028 _____ C:\Windows\System32\Tasks\ASUS USB Charger Plus
2015-12-05 13:49 - 2013-10-30 20:03 - 00003004 _____ C:\Windows\System32\Tasks\ASUS Splendid ColorU
2015-12-05 13:49 - 2013-10-30 20:03 - 00002988 _____ C:\Windows\System32\Tasks\ASUS Splendid ACMON
2015-12-05 13:48 - 2013-10-30 20:02 - 00003056 _____ C:\Windows\System32\Tasks\ASUS P4G
2015-12-05 13:48 - 2013-10-30 20:02 - 00002956 _____ C:\Windows\System32\Tasks\ASUS InstantOn Config
2015-12-05 13:48 - 2013-10-30 19:53 - 00003540 _____ C:\Windows\System32\Tasks\ASUS Smart Gesture Launcher
2015-12-05 13:46 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-05 13:45 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-05 12:00 - 2013-10-30 20:03 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2015-12-05 12:00 - 2013-10-30 20:03 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2015-12-05 10:53 - 2015-10-20 22:45 - 00000000 ____D C:\ProgramData\a95f8535-bd08-4370-a6e0-814924c0d5f0
2015-12-04 22:59 - 2012-07-26 06:26 - 00000215 _____ C:\Windows\system.ini
2015-12-04 21:35 - 2013-10-30 19:55 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-12-04 21:34 - 2013-10-30 20:02 - 00000000 ____D C:\ProgramData\P4G
2015-12-04 21:34 - 2012-08-02 14:28 - 00000000 ____D C:\Users\Administrator
2015-12-04 21:33 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\registration
2015-12-04 21:33 - 2012-07-26 06:37 - 00000000 ____D C:\Windows\Inf
2015-12-04 21:32 - 2013-10-30 20:06 - 00000000 ____D C:\ProgramData\Temp
2015-12-03 23:55 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-12-03 21:45 - 2015-10-26 09:16 - 00000000 ____D C:\Users\egon41\AppData\LocalLow\Adobe
2015-12-02 09:59 - 2012-08-02 19:06 - 00727488 _____ C:\Windows\system32\perfh005.dat
2015-12-02 09:59 - 2012-08-02 19:06 - 00148006 _____ C:\Windows\system32\perfc005.dat
2015-12-02 09:59 - 2012-07-26 08:28 - 01714430 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-30 11:24 - 2015-10-19 20:11 - 00000400 _____ C:\Users\egon41\AppData\Roaming\burnaware.ini
2015-11-25 17:30 - 2015-09-23 22:36 - 00000000 ____D C:\Users\egon41\Desktop\Nová složka
2015-11-25 00:16 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2015-11-24 18:56 - 2015-10-19 23:53 - 00099384 _____ C:\Users\egon41\AppData\Roaming\inst.exe
2015-11-24 18:56 - 2015-10-19 23:53 - 00082816 _____ (VSO Software) C:\Users\egon41\AppData\Roaming\pcouffin.sys
2015-11-24 18:56 - 2015-10-19 23:53 - 00007859 _____ C:\Users\egon41\AppData\Roaming\pcouffin.cat
2015-11-24 18:56 - 2015-10-19 23:53 - 00000000 ____D C:\Users\egon41\AppData\Roaming\Vso
2015-11-24 18:56 - 2015-10-19 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2015-11-24 18:56 - 2015-10-19 23:53 - 00000000 ____D C:\Program Files (x86)\VSO
2015-11-24 18:01 - 2015-10-20 08:42 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1100953112-3390083647-3253037084-1001
2015-11-15 22:15 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2015-11-15 21:58 - 2015-10-19 19:38 - 00000000 ____D C:\Users\egon41\AppData\Roaming\Mozilla
2015-11-15 21:58 - 2015-10-19 19:38 - 00000000 ____D C:\Users\egon41\AppData\Local\Mozilla
2015-11-15 18:49 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-15 18:48 - 2012-08-02 19:01 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-11-15 18:48 - 2012-07-26 10:43 - 00000000 ____D C:\Windows\SysWOW64\winrm
2015-11-15 18:48 - 2012-07-26 10:43 - 00000000 ____D C:\Windows\SysWOW64\WCN
2015-11-15 18:48 - 2012-07-26 10:43 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2015-11-15 18:48 - 2012-07-26 10:43 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-11-15 18:48 - 2012-07-26 10:43 - 00000000 ____D C:\Windows\system32\winrm
2015-11-15 18:48 - 2012-07-26 10:43 - 00000000 ____D C:\Windows\system32\WCN
2015-11-15 18:48 - 2012-07-26 10:43 - 00000000 ____D C:\Windows\system32\slmgr
2015-11-15 18:48 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\MUI
2015-11-15 18:48 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\MUI
2015-11-15 18:48 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\Sysprep
2015-11-15 18:46 - 2012-07-26 10:43 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2015-11-15 12:49 - 2012-07-26 08:59 - 00000000 ____D C:\Windows\CbsTemp
2015-11-14 20:57 - 2012-07-26 10:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-14 20:57 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-11-14 20:57 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2015-11-14 20:57 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2015-11-14 20:57 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\migwiz
2015-11-14 20:57 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-14 20:57 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-11-14 20:57 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows Defender
2015-11-14 20:57 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-11-14 20:57 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-11-14 20:57 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\SysWOW64\oobe
2015-11-14 20:57 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\oobe
2015-11-14 20:57 - 2012-07-26 06:37 - 00000000 ____D C:\Windows\servicing
2015-11-14 20:55 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2015-11-14 20:53 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-11-14 20:52 - 2012-07-26 10:43 - 00000000 ____D C:\Windows\en-GB
2015-11-14 20:52 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2015-11-14 20:52 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\Com
2015-11-14 20:52 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\en-GB
2015-11-14 20:52 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\Com
2015-11-14 20:52 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\Dism
2015-11-13 09:51 - 2013-05-01 12:18 - 00000000 ____D C:\ProgramData\McAfee
2015-11-13 09:51 - 2013-05-01 12:18 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-13 09:50 - 2013-05-01 12:07 - 00281632 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-11 13:24 - 2015-10-20 17:09 - 00003802 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-05 09:54 - 2015-10-20 18:05 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)

==================== Files in the root of some directories =======

2012-06-06 05:06 - 2012-06-06 05:06 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2015-10-19 20:11 - 2015-11-30 11:24 - 0000400 _____ () C:\Users\egon41\AppData\Roaming\burnaware.ini
2015-10-19 23:53 - 2015-11-24 18:56 - 0099384 _____ () C:\Users\egon41\AppData\Roaming\inst.exe
2015-10-19 23:53 - 2015-11-24 18:56 - 0007859 _____ () C:\Users\egon41\AppData\Roaming\pcouffin.cat
2015-10-19 23:53 - 2015-11-24 18:56 - 0001167 _____ () C:\Users\egon41\AppData\Roaming\pcouffin.inf
2015-10-19 23:54 - 2015-11-24 18:56 - 0000055 _____ () C:\Users\egon41\AppData\Roaming\pcouffin.log
2015-10-19 23:53 - 2015-11-24 18:56 - 0082816 _____ (VSO Software) C:\Users\egon41\AppData\Roaming\pcouffin.sys
2015-10-18 23:04 - 2015-12-05 13:50 - 0000062 _____ () C:\Users\egon41\AppData\Roaming\sp_data.sys
2015-10-19 23:55 - 2015-10-20 09:09 - 0000668 _____ () C:\Users\egon41\AppData\Roaming\vso_ts_preview.xml
2013-10-30 19:49 - 2013-10-30 19:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-01 12:15 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2015-10-20 23:24 - 2012-10-24 20:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall1491025.exe

Files to move or delete:
====================
C:\ProgramData\uninstall1491025.exe


Some files in TEMP:
====================
C:\Users\egon41\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\egon41\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\egon41\AppData\Local\Temp\ICReinstall_Firmware Installer.exe
C:\Users\egon41\AppData\Local\Temp\ICReinstall_Setup__307169.exe
C:\Users\egon41\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\egon41\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\egon41\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\egon41\AppData\Local\Temp\{F7707066-636E-4DC9-AE1A-5243FE330685}.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus a Antispyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus a Antispyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\egon41\Desktop" je 14718 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
"C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSPRP
"C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage
C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisableS3S4
c:\windows\temp\DisableS3S464\sethigh.cmd [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
C:\Windows\system32\hkcmd.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
C:\Windows\system32\igfxtray.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcpltui_exe
"C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVBg
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================


Is this correct??????

Rudy
Site Admin
Posts: 118270
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: extensions rewritten by a virus

#4 Post by Rudy »

Yes, it is. Now run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.

estadra
Visitor
Posts: 11
Registered: 04 Dec 2015 23:37

Re: extensions rewritten by a virus

#5 Post by estadra »

# AdwCleaner v5.023 - Logfile created 05/12/2015 at 17:17:49
# Updated 30/11/2015 by Xplode
# Database : 2015-12-03.1 [Server]
# Operating system : Windows 8 (x64)
# Username : egon41 - EGON
# Running from : C:\Users\egon41\Documents\adwcleaner_5.023.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : Service Mgr CateredtoYou
[-] Service Deleted : Update Mgr CateredtoYou

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Catered to You
[-] Folder Deleted : C:\Program Files (x86)\Common Files\a95f8535-bd08-4370-a6e0-814924c0d5f0
[!] Folder Not Deleted : C:\Program Files (x86)\Common Files\a95f8535-bd08-4370-a6e0-814924c0d5f0
[-] Folder Deleted : C:\ProgramData\simplitec
[-] Folder Deleted : C:\ProgramData\a95f8535-bd08-4370-a6e0-814924c0d5f0
[!] Folder Not Deleted : C:\ProgramData\a95f8535-bd08-4370-a6e0-814924c0d5f0
[-] Folder Deleted : C:\Users\egon41\AppData\Local\TNT2
[-] Folder Deleted : C:\Users\egon41\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\egon41\AppData\Roaming\Mozilla\Firefox\Profiles\608upvaa.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[-] Folder Deleted : C:\Users\egon41\Documents\Mobogenie

***** [ Files ] *****

[-] File Deleted : C:\Users\egon41\daemonprocess.txt

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b90183ad-1cf4-4d7b-9461-b89083957547}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b90183ad-1cf4-4d7b-9461-b89083957547}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b90183ad-1cf4-4d7b-9461-b89083957547}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b90183ad-1cf4-4d7b-9461-b89083957547}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKCU\Software\TNT2
[-] Key Deleted : HKLM\SOFTWARE\simplitec
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Catered to You
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3194 bytes] ##########

estadra
Visitor
Posts: 11
Registered: 04 Dec 2015 23:37

Re: extensions rewritten by a virus

#6 Post by estadra »

I went back two days using a restore point, but it didn't bring those files back.

Rudy
Site Admin
Posts: 118270
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: extensions rewritten by a virus

#7 Post by Rudy »

Encryption tends to be trouble; sometimes it can't be decrypted at all. Post a new FRST log.

estadra
Visitor
Posts: 11
Registered: 04 Dec 2015 23:37

Re: extensions rewritten by a virus

#8 Post by estadra »

I already posted it here, it's the same one... I made the restore point right after I found out that those files had been changed into nonsense...

then I came here.. and ran the one test and the second test; in that time I haven't done anything new

I tried Kaspersky but somehow it doesn't work.. I do what it tells me.. but it doesn't do anything

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: extensions rewritten by a virus

#9 Post by stell »

Hello,
1: Please be aware that my colleague is not decrypting your files, only cleaning the PC of junk.
2: System Restore only restores the system, not your files and data.
3: In my opinion you have already done everything possible and impossible to lose all your data.....

Please write here which extension the virus added to the encrypted files.
Based on that I will tell you whether there is still a way to decrypt your files.
Thank you
Important information.
Is your computer not running properly?
Is it infected? Running slowly? A program not working? A problem with installation?
Use the remote assistance service!
e-mail: stell(at)forum.viry.cz
Thanks! Vďaka!

estadra
Visitor
Posts: 11
Registered: 04 Dec 2015 23:37

Re: extensions rewritten by a virus

#10 Post by estadra »

they vary

1yqmk.5cx
14zfz2n543.va2h
2kybx.m5e


etc., every file has a different extension ..

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: extensions rewritten by a virus

#11 Post by stell »

Please write the whole file name here.
For example, like this:
nieco.jpg.14zfz2n543.va2h
is this what your jpg file looks like??

estadra
Visitor
Posts: 11
Registered: 04 Dec 2015 23:37

Re: extensions rewritten by a virus

#12 Post by estadra »

I wrote the whole file name.. including the extension

that's simply how it's written there

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: extensions rewritten by a virus

#13 Post by stell »

Proceed as follows.
1: Right-click an encrypted file >> left-click Properties >> and copy here everything that is in the window.
Thank you

estadra
Visitor
Posts: 11
Registered: 04 Dec 2015 23:37

Re: extensions rewritten by a virus

#14 Post by estadra »

.
Last edited by estadra on 05 Dec 2015 20:09, edited 1 time in total.

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: extensions rewritten by a virus

#15 Post by stell »

:roll:
Please do it once more, but try it on an encrypted photo, or a .pdf, or a .docx.
Thank you

Locked